U.S. Power Company Fined $2.7 Million for Security Flaws

U.S. Power Company Fined $2.7 Million for Security Flaws

According to an electronic filing, an unidentified American power company has reached a settlement to pay a $2.7 million penalty over significant security flaws that could have allowed hackers to gain remote access to their systems.

According to an electronic filing, an unidentified American power company has reached a settlement to pay a $2.7 million penalty over significant security flaws that could have allowed hackers to gain remote access to their systems.

According to a Notice of Penalty filed by the North American Electric Reliability Corporation, power regulators reached a settlement with the unidentified company after a security researcher found that more than 30,000 company records online were accessible without a password or any other protections. The company’s name was not disclosed.

“These violations posed a serious or substantial risk to the reliability of the bulk power station,” the filing says. The data associated with the exposure affected critical assets, including systems that control access to the unnamed company’s “control centers and substations, and a supervisory control and data acquisition (SCADA) system that stores [critical cyber asset] information.”

According to the filing, the data included usernames and “cryptographic information” of those usernames and passwords, and was exposed online for 70 days.

“Exposure of the username and cryptographic information could aid a malicious attacker in using this information to decode the passwords,” the filing said. “A malicious attacker could use this information to breach the secure infrastructure and access the internal [critical cyber assets] by jumping from host to host within the network.”

The $2.7 million penalty is pending approval of the Federal Energy Regulatory Commission.

About the Author

Jessica Davis is the Associate Content Editor for 1105 Media.

Featured

Featured Cybersecurity

Webinars

New Products

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3